[SCM] Packaging for the OpenArena engine branch, debian-experimental, updated. debian/0.8.8-7
Simon McVittie
smcv at debian.org
Fri Sep 14 09:43:56 UTC 2012
The following commit has been merged in the debian-experimental branch:
commit eed3e6469368c38276d2d79abae89f81d881fb71
Author: Simon McVittie <smcv at debian.org>
Date: Fri Sep 14 10:27:28 2012 +0100
Request confirmation before enabling auto-downloading, which is a security risk (Closes: #686648)
diff --git a/debian/changelog b/debian/changelog
index 7c84903..72ea40b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ openarena (0.8.8-7) UNRELEASED; urgency=low
* Merge from 0.8.8-5+deb7u1
- Add patch from upstream to fix a client-triggerable server crash.
Thanks to Poul Sander and Markus Koschany (Closes: #681812)
+ * Request confirmation before enabling auto-downloading, which is
+ a security risk (Closes: #686648)
-- Simon McVittie <smcv at debian.org> Fri, 14 Sep 2012 07:52:53 +0100
diff --git a/debian/patches/0003-Request-confirmation-if-a-user-enables-auto-download.patch b/debian/patches/0003-Request-confirmation-if-a-user-enables-auto-download.patch
new file mode 100644
index 0000000..6d2a492
--- /dev/null
+++ b/debian/patches/0003-Request-confirmation-if-a-user-enables-auto-download.patch
@@ -0,0 +1,126 @@
+From b2bc13d7043d8a02df081a54e19a999e82f74f2e Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv at debian.org>
+Date: Fri, 14 Sep 2012 10:23:06 +0100
+Subject: [PATCH] Request confirmation if a user enables auto-downloading
+
+The Q3 UI toolkit isn't great at large amounts of text, so just point
+to a deb.li link into the Debian wiki.
+
+Origin: vendor, Debian
+Bug-Debian: http://bugs.debian.org/686648
+---
+ code/q3_ui/ui_firstconnect.c | 17 +++++++++++++++--
+ code/q3_ui/ui_local.h | 1 +
+ code/q3_ui/ui_preferences.c | 40 +++++++++++++++++++++++++++++++++++++++-
+ 3 files changed, 55 insertions(+), 3 deletions(-)
+
+diff --git a/code/q3_ui/ui_firstconnect.c b/code/q3_ui/ui_firstconnect.c
+index 5291aea..7fac4b8 100644
+--- a/code/q3_ui/ui_firstconnect.c
++++ b/code/q3_ui/ui_firstconnect.c
+@@ -194,7 +194,17 @@ FirstConnect_StatusBar_Download
+ =================
+ */
+ static void FirstConnect_StatusBar_Download( void* ptr ) {
+- UI_DrawString( 320, 440, "Auto download missing maps and mods", UI_CENTER|UI_SMALLFONT, colorWhite );
++ UI_DrawString( 320, 440, "Security risk, see <http://deb.li/Q3DL>", UI_CENTER|UI_SMALLFONT, colorWhite );
++}
++
++static void AutoDownloadAction( qboolean result )
++{
++ if (result) {
++ trap_Cvar_SetValue( "cl_allowDownload", 1 );
++ } else {
++ trap_Cvar_SetValue( "cl_allowDownload", 0 );
++ }
++ s_firstconnect.allowdownload.curvalue = result;
+ }
+
+ /*
+@@ -251,8 +261,11 @@ static void FirstConnect_Event( void* ptr, int event )
+ break;
+
+ case ID_ALLOWDOWNLOAD:
+- trap_Cvar_SetValue( "cl_allowDownload", s_firstconnect.allowdownload.curvalue );
+ trap_Cvar_SetValue( "sv_allowDownload", s_firstconnect.allowdownload.curvalue );
++ if ( s_firstconnect.allowdownload.curvalue )
++ UI_ConfirmAutoDownload( AutoDownloadAction );
++ else
++ trap_Cvar_SetValue( "cl_allowDownload", 0 );
+ break;
+
+ case ID_DELAGHITSCAN:
+diff --git a/code/q3_ui/ui_local.h b/code/q3_ui/ui_local.h
+index 0ba5512..1e5b1f6 100644
+--- a/code/q3_ui/ui_local.h
++++ b/code/q3_ui/ui_local.h
+@@ -458,6 +458,7 @@ extern void PlayerSettings_Cache( void );
+ // ui_preferences.c
+ //
+ extern void UI_PreferencesMenu( void );
++extern void UI_ConfirmAutoDownload( void (*action) (qboolean) );
+ extern void Preferences_Cache( void );
+
+ //
+diff --git a/code/q3_ui/ui_preferences.c b/code/q3_ui/ui_preferences.c
+index 32b693f..94d80a0 100644
+--- a/code/q3_ui/ui_preferences.c
++++ b/code/q3_ui/ui_preferences.c
+@@ -131,6 +131,41 @@ static void Preferences_SetMenuItems( void ) {
+ s_preferences.teamchatbeep.curvalue = trap_Cvar_VariableValue( "cg_teamChatBeep" ) != 0;
+ }
+
++
++static void AutoDownloadAction( qboolean result )
++{
++ if (result) {
++ trap_Cvar_SetValue( "cl_allowDownload", 1 );
++ } else {
++ trap_Cvar_SetValue( "cl_allowDownload", 0 );
++ }
++ s_preferences.allowdownload.curvalue = result;
++}
++
++static void UI_ConfirmAutoDownload_Draw ( void )
++{
++ UI_DrawProportionalString( SCREEN_WIDTH/2, 356 + PROP_HEIGHT * 0,
++ "WARNING: This is a security risk.",
++ UI_CENTER|UI_SMALLFONT, color_yellow );
++ UI_DrawProportionalString( SCREEN_WIDTH/2, 356 + PROP_HEIGHT * 1,
++ "More information: <http://deb.li/Q3DL>",
++ UI_CENTER|UI_SMALLFONT, color_yellow );
++}
++
++void UI_ConfirmAutoDownload( void (*action) (qboolean) )
++{
++ if (trap_Cvar_VariableValue( "cl_allowDownload" ) != 0) {
++ /* already set */
++ return;
++ }
++
++ UI_ConfirmMenu_Style(
++ "Auto-download?",
++ UI_CENTER|UI_SMALLFONT,
++ UI_ConfirmAutoDownload_Draw,
++ action);
++}
++
+ static void Preferences_Event( void* ptr, int notification ) {
+ if( notification != QM_ACTIVATED ) {
+ return;
+@@ -216,8 +251,11 @@ static void Preferences_Event( void* ptr, int notification ) {
+ break;
+
+ case ID_ALLOWDOWNLOAD:
+- trap_Cvar_SetValue( "cl_allowDownload", s_preferences.allowdownload.curvalue );
+ trap_Cvar_SetValue( "sv_allowDownload", s_preferences.allowdownload.curvalue );
++ if ( s_preferences.allowdownload.curvalue )
++ UI_ConfirmAutoDownload( AutoDownloadAction );
++ else
++ trap_Cvar_SetValue( "cl_allowDownload", 0 );
+ break;
+
+ case ID_DELAGHITSCAN:
+--
+1.7.10.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 0d39039..cd1e3b1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,6 @@
0001-Use-a-cpp-macro-for-the-game-code-version-so-package.patch
0002-Fix-callvote-kick-player-does-not-exist-crash.patch
+0003-Request-confirmation-if-a-user-enables-auto-download.patch
0031-Fix-FTBFS-on-kFreeBSD.patch
0040-Add-OPENARENA_081_COMPATIBLE-define-for-network-comp.patch
openarena_hurd_support.patch
--
Packaging for the OpenArena engine
More information about the Pkg-games-commits
mailing list